Blindside
Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
Blindside
Blindside is a technique for evading the monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms. It uses hardware breakpoints to inject commands and perform unexpected, unwanted, or malicious operations. The technique involves creating a breakpoint handler and setting a hardware breakpoint that forces the debugged process to load only ntdll into memory. The result is a clean, unhooked copy of ntdll, which can then be copied into our process to replace the hooked original ntdll.

Please note that this technique should only be used for research and testing purposes and should not be used for any illegal or malicious activities. This repository contains the necessary code and instructions for implementing the Blindside technique.
